Django 403 forbidden only happens at login in prod environment

I have a Login using the Django Login/authentication, once I Post the request to login I get the 403 Forbidden error with the following message:

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.

This only happens with the login and not with the other forms that I have in my application.

this is my login form:

{% extends "main/base.html" %}
{% load static %}
{% load widget_tweaks %}



{% block content%}

<div class='container'>
    <div class='row pt-4'>
        <div class="col">

        </div>
        <div class="col-md-4 col-md-offset-4">
            <div class="card text-center">
                <!-- Login Form -->
                <div class="card-header bg-dark">
                    <h2 class="text-secondary">Login</h2>
                </div>
                <div class="card-body card text-left">
                    <form method="POST">
                        {% csrf_token %}
                        {% for hidden in form.hidden_fields %}
                        {{ hidden }}
                        {% endfor %}
                        {% for field in form.visible_fields %}
                        <div class="form-group">

                            <label>{{ field.label_tag }}</label>
                            {% render_field field class="form-control" %}
                            {% for error in field.errors %}
                            <span class="help-block">{{ error }}</span>
                            {% endfor %}

                        </div>

                        {% endfor %}
                        <div class="form-group">
                        <p>¿Olvidaste tú usuario o contraseña?<a href=""> Click aquí!</a></p>
                        </div>
                        <div class="form-group">

                            <button type="submit" class="btn btn-primary">Ingresar</button>

                        </div>
                    </form>
                </div>
            </div>
        </div>
        <div class="col">
        </div>
    </div>
</div>





{% endblock %}

I have tried with everything in settings:

ALLOWED_HOSTS = ['http://*', 'https://*'] ( I have tried with the specific url)
CSRF_TRUSTED_ORIGINS = ['http://*', 'https://*'] ( I have tried with the specific url)
CSRF_COOKIE_SECURE = True (I have tried with False)
SESSION_COOKIE_SECURE = True (I have tried with False)

The functionality works fine in local for login.

If in production I access first to the admin and then go back to the login of the application, It works fine, but if I close the browser windonw and access through the login again I get the 403 error.

I'm using Djano 3.2 version

The problem was that I had to access through https:// and I was accesing the site with only http://

Back to Top